package com.xm9m.web.service.security.oauth2;


import com.salesmanager.core.business.oauth2.model.OauthClientDetails;
import com.salesmanager.core.business.oauth2.service.OauthClientDetailsService;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler;

//import org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler;
//
public class OauthUserApprovalHandler extends TokenStoreUserApprovalHandler {

    private OauthClientDetailsService oauthClientDetailsService;


    //此处对code方式验证增加扩展 当trusted=true时网页不用点击授权按钮 直接获取token
    public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
        if (super.isApproved(authorizationRequest, userAuthentication)) {
            return true;
        }
        if (!userAuthentication.isAuthenticated()) {
            return false;
        }

        OauthClientDetails clientDetails = oauthClientDetailsService.findOauthClientDetails(authorizationRequest.getClientId());
        return clientDetails != null && clientDetails.trusted().toLowerCase().equals("true");

    }

    public void setOauthService(OauthClientDetailsService oauthService) {
        this.oauthClientDetailsService = oauthService;
    }
}
